I'm not a Kerberos expert by any means, but I believe that your problem may be due to the fact that you do not have a proper machine account in AD setup for your Sun Ray server (Kerberos host principle, e.g. hostn...@realm). If you're trying to join a Solaris 10 machine to the domain, the adjoin.sh script from the opensolaris cifs project works with S10 Update 5 - 7.
Best Regards, Nick Ross -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kevin Farrell Sent: Monday, June 15, 2009 11:10 AM To: SunRay-Users mailing list Subject: Re: [SunRay-Users] Problem with Kerberos authentication in VDI3 David, I had a similar issue which went away when I realized that my NTP server had gone down and neither my AD domain controller nor my VDI servers were synchronizing time. Double-check that your times are synchronized between the DCs and the VDI servers. -Kevin Farrell David L. Endicott wrote: > We have VDI3 running in production mode with an external database. Users > are authenticated in Active Directory. The system works great, but after > 24 hours or so, authentication just stops. New sessions show no domain > in the domain field on the login screen. I can get it working again by > running kinit -V [email protected] on each SRSS server. Then, all > is well for the next day or so before it stops. > I have NTP server running on the sun servers and have the AD domain > setup to use the Sun server as a time source. Time appears to be syncing > up fine. Here is a copy of the lines I modified in my krb5.conf: > > [realms] > MY.DOMAIN = { > kdc = DC1.MY.DOMAIN > kdc = DC2.MY.DOMAIN > } > > [domain_realm] > .MY.DOMAIN = MY.DOMAIN > MY.DOMAIN = MY.DOMAIN > > As I said, all is well for a while and then it just stops. I am about to > put this thing into production and really need some help. Anything > anyone can suggest would be greatly appreciated. > > Thanks, > DLE > > > David L. Endicott > NeoTech Solutions, Inc. > > Voice - 417.623.6365 > Fax - 417.623.6252 > cell - 417.529.7463 > email - [email protected] > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
